---
# Define resources for this group of hosts here.
# Neeed for rsync from log01 for logs.
custom_rules: ['-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT']
deployment_type: prod
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
  - can_send:
      - logger.log
    group: sysadmin
    owner: root
    service: shell
  - can_send:
      - github.commit_comment
      - github.create
      - github.delete
      - github.fork
      - github.gollum
      - github.issue.assigned
      - github.issue.closed
      - github.issue.comment
      - github.issue.edited
      - github.issue.labeled
      - github.issue.milestone
      - github.issue.opened
      - github.issue.reopened
      - github.issue.unassigned
      - github.issue.unlabeled
      - github.label
      - github.member
      - github.page_build
      - github.pull_request.assigned
      - github.pull_request.closed
      - github.pull_request.edited
      - github.pull_request.labeled
      - github.pull_request.opened
      - github.pull_request_review
      - github.pull_request_review_comment
      - github.pull_request.review_requested
      - github.pull_request.synchronize
      - github.pull_request.unlabeled
      - github.push
      - github.release
      - github.repository_vulnerability_alert
      - github.star
      - github.status
      - github.team_add
      - github.webhook
    group: apache
    owner: root
    service: github2fedmsg
ipa_client_shell_groups:
  - sysadmin-noc
  - sysadmin-veteran
ipa_host_group: github2fedmsg
ipa_host_group_desc: Bridge select GitHub repo events into bus messages
lvm_size: 20000
mem_size: 2048
num_cpus: 2
primary_auth_source: ipa
tcp_ports: [80]
# for fedora-messaging
username: "github2fedmsg{{ env_suffix }}"
sent_topics: ^org\.fedoraproject\.{{ env_short }}\.github\..*
# Definining these vars has a number of effects
# 1) mod_wsgi is configured to use the vars for its own setup
# 2) iptables opens enough ports for all threads for fedmsg
# 3) roles/fedmsg/base/ declares enough fedmsg endpoints for all threads
wsgi_fedmsg_service: github2fedmsg
wsgi_procs: 2
wsgi_threads: 2
